eIDAS 2 Digital Identity Wallet: 2026 Guide

The entry into force of the eIDAS 2 regulation marks a historic turning point for digital identity management in Europe. With the EUDI Wallet — European Digital Identity Wallet — each citizen and business will soon have a sovereign, interoperable digital wallet recognized in all 27 Member States. For legal, HR, compliance and IT directors, this regulatory initiative opens as many opportunities as operational challenges. This article decrypts the technical and legal functioning of the EUDI Wallet, its concrete implications for businesses and how it articulates with existing qualified electronic signature solutions.

What is eIDAS 2 and the EUDI Wallet?

From eIDAS 1.0 to eIDAS 2.0: structural evolution

Adopted in 2014, Regulation eIDAS No. 910/2014 laid the foundations for digital trust in Europe: qualified electronic signatures, seals, timestamps and authentication services. But a decade later, its limitations became apparent: insufficient interoperability between Member States, unequal adoption of national digital identities, absence of a unified wallet. Regulation (EU) 2024/1183, known as eIDAS 2, officially adopted on 11 April 2024 in the EU Official Journal, corrects these shortcomings by imposing a common framework for sovereign digital identity.

To delve deeper into the entire new regulatory framework, consult our comprehensive guide to eIDAS 2.0 regulation.

EUDI Wallet: architecture and founding principles

The EUDI Wallet (European Digital Identity Wallet) is a mobile and/or software application that each Member State must make available to its citizens and residents no later than 2026, in accordance with Article 5a of the revised regulation. In concrete terms, this digital wallet allows:

• Storing and presenting verified identity attributes: identity card, driving license, diplomas, professional accreditations, intra-Community VAT number for legal entities.
• Authenticating the user to public and private services at high levels of assurance (LoA High according to Annex I of the regulation).
• Electronically signing documents at a qualified level, leveraging certified Qualified Electronic Signature Creation Devices (QSCD).
• Selectively sharing data (principle of selective disclosure) without revealing more information than necessary — a major contribution to GDPR compliance.

The architecture is based on technical specifications published by the European Commission via the Architecture and Reference Framework (ARF), maintained by the EUDIW consortium (European Digital Identity Wallet). The adopted presentation formats include notably ISO/IEC 18013-5 (mDL — mobile Driver's Licence) and SD-JWT VC (Selective Disclosure JSON Web Token Verifiable Credentials), two open standards ensuring portability.

Who is concerned? Relying Party companies

eIDAS 2 introduces the concept of Relying Party (user organization). Any organization — private company, administration, online platform — that accepts identity attributes from the EUDI Wallet must register with its Member State and comply with a set of technical and security obligations. Article 5b of the regulation specifies that large platforms (within the meaning of the DSA) and certain sectors (banking, health, energy) will be obliged to accept the EUDI Wallet from the start of national production.

Technical functioning of EUDI Wallet for businesses

The authentication and signature flow step by step

Understanding the technical flow is essential to anticipate integration into information systems. A typical contract signature scenario via EUDI Wallet unfolds as follows:

1. Initialization: the Relying Party (e.g. your SaaS platform) generates a presentation request compliant with the OpenID4VP protocol (OpenID for Verifiable Presentations).
2. Notification: the user receives a notification on their mobile EUDI Wallet.
3. Consent and selection: the user chooses which attributes to share (name, surname, date of birth) via the selective disclosure interface.
4. Verifiable presentation: the wallet generates a cryptographic proof signed by the Trusted Issuer (the Member State or an accredited provider).
5. Verification: the Relying Party verifies the proof via the European trust register (Trust Framework), without storing superfluous data.
6. Qualified signature: if a signature act is required, the QSCD embedded in the wallet or hosted in the cloud (QSign) produces a qualified signature compliant with ETSI EN 319 132.

This flow guarantees a level of assurance of LoA High, the highest provided for by the regulation, equivalent to face-to-face verification.

Integration with existing electronic signature platforms

Electronic signature solution publishers must integrate the OpenID4VCI (issuance) and OpenID4VP (presentation) protocols to connect to the EUDI ecosystem. For businesses already using an eIDAS 1.0-compliant platform, the transition to eIDAS 2 involves a technical version upgrade, but preserves the legal value of signatures already made. It is therefore strategic to evaluate your current provider's roadmap, especially if you are considering migrating from DocuSign or YouSign to a more compliant solution.

Digital identity of legal entities: the business challenge

eIDAS 2 is not limited to natural persons. Article 5a §3 explicitly provides for wallets for legal entities, enabling businesses to:

• Prove their legal existence (equivalent to a verifiable digital business registration certificate).
• Delegate signing powers to their employees in an audited and revocable manner.
• Automate KYB (Know Your Business) verification in B2B contractual processes.

This dimension is particularly transformative for electronic signature processes in business, notably in HR, legal and financial sectors.

Deployment schedule and regulatory obligations 2024-2026

Implementation phases according to the regulation

Regulation (EU) 2024/1183 sets a binding schedule:

• April 2024: publication in the Official Journal, entry into force 20 days later.
• End of 2024: publication of Implementing Acts defining mandatory technical specifications.
• 2025: deployment of national pilot wallets (large-scale pilots projects: EU Digital Identity Wallet Large Scale Pilots, funded at €46 million by the Commission).
• End of 2026: mandatory availability by all Member States of at least one operational EUDI Wallet. Large platforms and regulated sectors must accept it.

For French businesses, deployment relies on La Poste digital identity and ANSSI's work concerning certification of national Trusted Issuers.

Obligations for Relying Parties

Businesses that wish to or must accept the EUDI Wallet are subject to several obligations:

1. Registration with the competent national authority (in France, ANSSI and CNIL as applicable).
2. Technical compliance with ARF v2.x specifications published on GitHub by the European Commission.
3. Transparency: publish in a public register the attributes requested and the purpose of processing.
4. Data minimization: request only attributes strictly necessary — obligation reinforced by GDPR.
5. Logging: keep logs of verifiable presentations for audit, without storing raw identity data.

Businesses that integrate the EUDI Wallet into their flows for electronic signature for law firms or for HR management will benefit from significant competitive advantage as of 2026.

Strategic issues and opportunities for businesses

Reducing friction in KYC/KYB processes

One of the most immediate benefits of the EUDI Wallet is the elimination of manual identity verification. Today, onboarding a new customer or partner involves sending supporting documents, human verification and processing delays. With the EUDI Wallet, verification becomes instantaneous, cryptographically certified and audited. The banking, real estate and insurance sectors — subject to AML/CTF obligations — see a major opportunity for automated compliance. The electronic signature in real estate sector is particularly impacted, with identity verification processes representing today up to 40% of administrative time.

Digital sovereignty and reducing dependence on GAFAM

The EUDI Wallet responds to strong political ambition: reducing European dependence on identity systems operated by non-European actors (Google, Apple, Meta). For businesses, this translates into an interoperable, open and non-captive authentication infrastructure, based on ISO and W3C standards rather than proprietary SDKs. This sovereignty is also a commercial differentiation argument in public tenders, increasingly sensitive to data localization clauses.

Impact on qualified electronic signature and QTSP

Qualified Trust Service Providers (QTSP) see their role evolving. With the EUDI Wallet, QSCDs can be hosted directly in the wallet or delegated to a cloud QTSP (Remote Qualified Signature). For businesses, this means that qualified signature — hitherto reserved for the most critical cases due to complexity — becomes accessible and scalable. Our comparison of electronic signature solutions now integrates this EUDI Wallet compatibility criterion into its analysis.

Applicable legal framework for EUDI Wallet and businesses

eIDAS 2 Regulation: (EU) 2024/1183

The founding text is Regulation (EU) 2024/1183 of the European Parliament and Council of 11 April 2024, amending eIDAS Regulation No. 910/2014. It is directly applicable in all Member States without national legislative transposition, ensuring legal uniformity across Europe. Articles 5a to 5c define obligations relating to the EUDI Wallet, assurance levels and user rights. Article 46f introduces specific obligations for Relying Parties in regulated sectors.

French Civil Code: articles 1366 and 1367

Under French law, a qualified electronic signature produced via an EUDI Wallet benefits from the reliability presumption provided for by Article 1367 of the Civil Code: "Electronic signature consists in the use of a reliable identification process guaranteeing its link with the act to which it attaches." Reliability is presumed when the signature is qualified within the meaning of eIDAS. Article 1366 assimilates electronic writing to paper writing provided that the author is identified and integrity is guaranteed — two conditions that the EUDI Wallet natively fulfills.

GDPR No. 2016/679: articulation with data minimization

Regulation (EU) 2016/679 (GDPR) applies fully to Relying Parties processing identity attributes from the EUDI Wallet. The principles of data minimization (art. 5 §1c), purpose limitation (art. 5 §1b) and privacy by design (art. 25) must be integrated from the design phase of technical integration. The native selective disclosure of the EUDI Wallet facilitates technical compliance, but the business remains responsible (art. 24) for documenting its legal bases for processing.

ETSI standards and technical standards

The qualified signature produced via EUDI Wallet must comply with standards ETSI EN 319 132 (XAdES), ETSI EN 319 122 (CAdES) and ETSI EN 319 162 (PAdES) for advanced and qualified electronic signature formats. Certification policies are defined in ETSI EN 319 401 (General Policy Requirements for Trust Service Providers). Commission Implementing Acts specify certification requirements for Trusted Issuers (standard ISO/IEC 27001 and Common Criteria EAL 4+).

NIS2 Directive: (EU) 2022/2555

Operators of EUDI Wallet infrastructure (Member States, Trusted Issuers, QTSP) are subject to the obligations of NIS2 Directive (EU) 2022/2555, transposed in France by Law No. 2023-703. For user businesses, NIS2 imposes risk management obligations relating to third-party providers (art. 21 §2d), which includes suppliers of solutions integrating the EUDI Wallet. An impact analysis of digital supply chain risks is therefore recommended before any deployment.

EUDI Wallet use cases in business

Scenario 1: Law firm — identity verification and signature of mandates

A business law firm with about twenty employees processes several hundred mandates, engagement letters and powers of attorney each month. Today, verifying client identity requires sending supporting documents by email, manual verification by the legal assistant and an average processing time of 48 hours. By integrating the EUDI Wallet as an authentication mechanism, the client presents their digital identity card from their wallet in less than 90 seconds. The qualified signature is produced without additional friction. According to feedback observed from large-scale pilots conducted between 2023 and 2025, this type of flow reduces client onboarding processing time by 60 to 75% and eliminates risks of data entry errors or expired documents. The firm also gains in AML/CTF compliance, identity attributes being cryptographically certified by a Member State.

Scenario 2: Industrial SME — supplier contract management and signature delegations

An industrial SME with about one hundred employees manages approximately 300 supplier contracts per year, involving procurement managers spread across three sites. Managing signature delegations is currently documented on paper and difficult to audit. With the EUDI Wallet enterprise (legal entity), management can assign verifiable delegation attributes to each procurement manager: commitment ceiling, geographic scope, validity period. These attributes are stored in the employee's wallet and presented automatically during each signature act. In case of departure or position change, revocation is instantaneous and audited. This mechanism reduces risks of contractual disputes related to unauthorized signatures and improves traceability for internal audits. Finance departments typically observe a reduction of 30 to 40% in time spent managing and verifying signing powers.

Scenario 3: Hospital group — patient consent and health data access

A hospital group comprising several establishments and about 1,500 health agents faces increasingly complex patient consent challenges, particularly for access to shared medical records via My Health Space. Integrating the EUDI Wallet as an informed consent mechanism allows the patient to validate, from their smartphone, access to their data by a specialist doctor, specifying the duration and scope of access. Selective disclosure ensures that only relevant medical attributes are shared. For health agents, the wallet provides their RPPS number (French Health Professional Directory) as a verifiable attribute, eliminating current manual verification processes. This type of deployment, consistent with the European Health Data Space (EHDS) framework, can reduce delays in accessing authorized health data from several hours to a few seconds. To learn more about sector-specific challenges, our guide on electronic signature in healthcare details applicable regulatory constraints.

Conclusion

The EUDI Wallet and eIDAS 2 regulation constitute the most significant transformation of European digital identity in a decade. For businesses, the challenge is not just to comply with new regulations, but to seize an opportunity to deeply modernize their signature, onboarding and delegation management processes. The legal, HR, health and industrial sectors are on the front line. The key to success lies in anticipation: assess the compatibility of your current tools now, train your teams and choose partners whose roadmap is aligned with eIDAS 2.

Certyneo supports businesses in this transition with an electronic signature platform designed to be EUDI Wallet compatible from its deployment. Discover our offers and start for free to anticipate 2026 with peace of mind.